The views of one man on security, privacy and anything else that catches his attention. The views expressed on this blog do not reflect the views of my employer or anyone other than myself.

Archive for December, 2003

I spent yesterday updating my work and personal IDS’s to Snort 2.1.0. My home system was at revision 2.0.3, and it ended up being easier to throw out my previous configuration and ruleset than to try to figure out what was causing the problem. Snort has added some very powerful new preprocessors to the program, but in the process has deprecated some of the older preprocessors and made the old configuration file useless.

So what do I plan on doing with my newly updated Intrusion Detection System? I think that shortly after the new year starts, I’ll set up a sacrificial FTP server off of the main network and see how long it takes to be hacked. Oh, the strange things computer geeks consider to be fun, though, in my case, I do consider my hobby to also be a business education. My only problem is that I don’t have the room (or power) available in my office to add one more computer. Anyone know how to get a USB wireless card to work under Red Hat Linux 9.0?

I remember when I was a child (no comments from the peanut gallery), my parents were into Citizens Band (CB) radios. They performed a number of modifications to their equipment that were questionable, if not downright illegal. The upshot of these modifications was that they were able to play with radio ‘skip’ and communicate with other CB’ers all over the world. They kept a world map on a cork board, and every time they talked to someone in a new country or continent, they would place a pushpin on the map to show where they’d ‘been’.

I think I want to start something similar, but rather than mark the connections to other geeks, I want to start tracking the source of intrusion attempts against the networks I safeguard. Not all of them, just the attempts that are important enough to research and track. So far, in the last month I’ve had several fairly major attempts from hosts in countries like Germany, South Korea and Iran. Not to say that this is the origin of the actual hacker, but this is where the attacks are coming from.

Anyone know a program that would allow me to post a map online and then put virtual pushpins on it? This may be a fun project for some free time. Not that I have any of that.

I know a lot of people out there did. I forget where I read it, but apparently this influx of new computers on the Internet causes a nasty little spike of virus and hacking activity every year. I’ve already seen some indication that this may be true on my home IDS, as well as the one at work. In both cases, it seems to be a slight increase in malicious traffic. Of course, it might just be my imagination. I’m too tired to actually figure out the statistics.

If you were one of the lucky ones who, unlike me, got a new computer, do me a favor and read my little blog on Security Primer for the Non-technical. Take a few minutes to figure out how to patch your system. Install an anti-virus program if your computer didn’t come with one (AVG by Grisoft is a good, FREE, choice for anti-virus). If you have DSL or Cable, use a router with a built-in firewall, or at least get a personal firewall. It doesn’t take much to become reasonably safe on the Internet, but you do have to make the decision to do it.

I wanted a new computer for X-mas. The bad part is that I have absolutely no need for a new one, since the current mass of computers in my office more than meet my needs. That doesn’t stop me from wanting. The inner geek in me is wailing for new hardware. The outer geek is just whimpering a little.

I have to laugh at myself sometimes. My big tilt at the windmill of Security (Cervantes, anyone?) for today is telling a user that I can’t help them since they are using a system that is not approved in our enterprise. “I’ll help you, but only if you switch to an approved web server.” I do not make a good passive-aggressive. I’m usually better at straightforward aggression, à la “Shut down that system or I’ll shut it down for you!” I’m learning though.

Here’s hoping you have a Merry Christmas! I, for one, have to work Christmas Eve and the day after Christmas (don’t the Canadians call that Boxing Day?), as well as New Year’s Eve. I hope you’re a little luckier and have some time off. Either way, take some time to appreciate what you have. After all, isn’t that what this time of year is really all about?

I always have to be cautious about what I put on this site. I know at least one of my co-workers reads the site from time to time, and I don’t want to disclose any secrets of the internal workings of the business I work for. On the other hand, I want to let others know about some of the trials and tribulations I have to go through on a daily basis, so they can take heed of my mistakes. I’m sure that someone will let me know when I step over the line.

The last two days have been very exciting at work, and not in a positive way. You would think that, by now, every server in the corporation would be patched (with the major ones, at least), have anti-virus, and be properly managed. But that is obviously too much to ask. On Thursday afternoon, I came back from lunch to find that we had an infestation of the Nachi worm. It turns out that a host that had become infected several months ago had been unplugged and placed in a closet. When it was brought out Thursday morning, the infection began.

I recently read an article that stated over half of all blogs are created, edited and updated only once. That is, the owner takes the time and energy to create the blog, and then never goes back to it again. Kind of reminds me of the email account I set up for my wife.

I have set a personal goal to post to this blog at least once a week, even if it is only to say that I have nothing to say. I hadn’t posted in several weeks, and one theory is that I’ve just been too busy. A more accurate theory would be that I’m too burnt out. I love security, the challenges and puzzles offered by the job, but sometimes the people aspect of the job gets to me. I don’t do politics well, and I have come to realize more and more that the security profession is built on politics. I guess I’ll have to treat the political maneuvering as another technology to learn. Internal politics can’t be any more buggy than most Microsoft products.

Speaking of jobs, I’m looking for a new one. For various reasons I have decided that it’s time to move on from my current position as a contractor. In several days I will have completed two years on my current contract. It’s time for me to find a more permanent position with a company. I have several copies of my resume out already, but if anyone has a great position with my name on it, please contact me!

So, that’s it for now. Next week I think I’ll write a rant on security policies. “Write security policies for the real world, stoopid!”